<?php
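	session_start();
	require_once '../host_config.php';
	require_once '../Model/mysql.php';

	// Access control for this request.
	//   - no shop id in the session  -> not logged in as a shop: send to login
	//   - session flag "2"           -> allowed to act on any shop id
	//   - otherwise                  -> the requested id must be the session's own shop
	// Every denying branch ends in exit: header() only queues a response header,
	// so without exit the order-handling code further down would still run for
	// a caller who had just been "redirected".
	$sessionShopId = isset($_SESSION['shopid']) ? $_SESSION['shopid'] : null;
	$sessionFlag = isset($_SESSION['flag']) ? $_SESSION['flag'] : null;
	// A non-scalar id (e.g. id[]=1) is treated as absent rather than compared loosely.
	$requestedShopId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : '';

	if ($sessionShopId === null) {
		// The Location header has to be queued before any body output; the script
		// below is only what a client that does not follow the redirect will see.
		header("location:../login.php");
		echo "<script language='javascript'>";
		echo "alert('You have no permission to read this page!');";
		echo "history.back();";
		echo "</script>";
		exit;
	} else if ($sessionFlag == "2") {
		// NOTE(review): flag "2" bypasses the ownership check below; presumably an
		// administrator role - confirm against the code that sets $_SESSION['flag'].
	} else if ((string) $sessionShopId !== $requestedShopId) {
		// Exact string comparison, so numerically-equal variants such as "01" do
		// not count as the session's own id.
		header("location:select.php?id=" . rawurlencode((string) $sessionShopId));
		exit;
	}

	// NOTE(review): ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in
	// PHP 7.0; moving to mysqli or PDO with prepared statements needs a coordinated
	// change with every consumer of $link.
	$link = mysql_connect($mysql_host, $mysql_user, $mysql_passwd) or die('Connect mysql fail');
	$db_selected = mysql_select_db($mysql_db, $link) or die('Select database fail');
	// mysql_set_charset() also tells the client library which charset is in use,
	// which mysql_real_escape_string() relies on; a plain "SET NAMES" query does not.
	mysql_set_charset('utf8', $link) or die('Set connection charset fail');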
	
?>
<html>
<head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
</html>
<?php
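	// Handles the "add a reservation" form for one shop: validates the posted
	// name, party size and phone number, then either seats the party (Client
	// status '0', Shops.currentnumber increased) or records it as waiting
	// (status '-1') when the remaining capacity is too small, and finally
	// redirects to the shop's client list. Uses the $link connection opened
	// earlier in this file.
	//
	// NOTE(review): this is a state-changing POST and no anti-CSRF token is
	// checked here - confirm whether the submitting form carries one.

	// Emits the page's client-side error (alert box, then back to the form) and
	// stops. $message is always one of the fixed literals below, never request data.
	$alertAndBack = function ($message) {
		echo "<script language='javascript'>";
		echo "alert('" . $message . "');";
		echo "history.back();";
		echo "</script>";
		die();
	};

	// Returns a request field as a trimmed string; missing or non-scalar values
	// (e.g. field[]=x) come back as ''.
	$readField = function ($source, $key) {
		return (isset($source[$key]) && is_scalar($source[$key])) ? trim((string) $source[$key]) : '';
	};

	$shopid = $readField($_GET, "id");
	$clientName = $readField($_POST, "clientName");
	$orderofNumber = $readField($_POST, "orderNumber");
	$cellPhone = $readField($_POST, "clientPhone");

	// Presence checks, in the same order as the form fields.
	if ($clientName === '') {
		$alertAndBack('姓名需要填寫');
	}
	if ($orderofNumber === '') {
		$alertAndBack('數量需要填寫');
	}
	if ($cellPhone === '') {
		$alertAndBack('電話需要填寫');
	}

	// The party size must be a whole number >= 1. Validating it as an integer
	// keeps strings such as "5abc" or "2.5" out of the capacity arithmetic and
	// out of the SQL below.
	$orderCount = filter_var($orderofNumber, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
	if ($orderCount === false) {
		$alertAndBack('訂位人數輸入錯誤');
	}

	// Escape for SQL only at the point of use; the raw values stay available
	// for non-SQL contexts such as the redirect URL.
	// NOTE(review): name and phone are stored as submitted - any page that
	// renders them must HTML-escape on output.
	$shopidSql = mysql_real_escape_string($shopid, $link);
	$clientNameSql = mysql_real_escape_string($clientName, $link);
	$cellPhoneSql = mysql_real_escape_string($cellPhone, $link);

	$ordertime = date("Y-m-d H:i");
	$sql = "SELECT `fullname`, `maxofnumber`, `currentnumber`, `perordernumber` FROM `Shops` WHERE `shopid` = '$shopidSql'";
	$query = mysql_query($sql, $link) or die ("Execute sql query fail!!");
	$row = mysql_fetch_row($query);
	if ($row === false) {
		// No such shop: stop here instead of doing arithmetic on a missing row.
		die("Shop not found!!");
	}
	$maxofnumber = (int) $row[1];

	if ($orderCount > $maxofnumber) {
		$alertAndBack('訂位人數超過最大可供訂位人數');
	}

	// Reserve capacity in one conditional UPDATE so two simultaneous requests
	// cannot both pass a stale "is there room" check and overbook the shop.
	// $orderCount is a validated integer, so it is safe to interpolate.
	$sql = "UPDATE `Shops` SET currentnumber = currentnumber + $orderCount WHERE `shopid` = '$shopidSql' AND currentnumber + $orderCount <= maxofnumber";
	mysql_query($sql, $link) or die ("Execute rquery fail!!");
	// A row was changed only if the party fitted; otherwise it goes on the waiting list.
	$status = (mysql_affected_rows($link) > 0) ? '0' : '-1';

	// NOTE(review): the quoted 'NULL' values are the four-character string, not
	// SQL NULL, and the INSERT relies on the table's column order - confirm both
	// against the Client schema.
	$sql = "INSERT INTO `Client` VALUES (NULL, '$shopidSql', '$clientNameSql', '$orderCount', '$cellPhoneSql', '$ordertime', 'NULL', 'NULL', 'NULL', '$status')";
	mysql_query($sql, $link) or die("Execute SQL command failed!");

	// The static HTML emitted above this block is already in the output stream,
	// so this Location header only takes effect when output buffering is enabled.
	header("location:client.php?id=" . rawurlencode($shopid));
	exit;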
?>
